Is there a way to do login programatically. We need to do this from a script to be able to connect to k8s cluster created in AWS control tower managed account.

[danushkaf]

Is there a way to do login programatically. We need to do this from a script to be able to connect to k8s cluster created in AWS control tower managed account.

Originally posted by @danushkaf in #3447 (comment)

[jamesls]

Not as far as I'm aware. I'm not super familiar with AWS control tower but if you're using EKS for k8s, could you use IAM ROles with the OIDC integration? All SDKs and the AWS CLI support this credential provider? https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html

[no-response]

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

[danushkaf]

Not as far as I'm aware. I'm not super familiar with AWS control tower but if you're using EKS for k8s, could you use IAM ROles with the OIDC integration? All SDKs and the AWS CLI support this credential provider? https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html

Seems This is about accessing another accounts aws account via cli from a pod. But what I want to achieve is get access to kubectl from the master account's user. [1] works well if we are doing only aws things. But we need kubectl access and its not accessible from aws cli. For me it seems a bug of aws cli.

[1] https://controltower.aws-management.tools/required/cttasks/#1-2-programmatic-access

[alangford]

I'm currently wanting to do the same. I have a build terraform user in Active Directory that is hooked up to AWS SSO. I would like to programmatically login as that user using a bash script during build or deploy time. I could do this with IAM, But I'd rather not have to manage any user using IAM

[tarasrng]

I've implemented an app for automated login. It still uses CLI and browser, but at least no manual job is needed
https://github.com/tarasrng/aws-sso-credentials-fetcher

[alangford]

Any update on this?

[tim-finnigan]

Per this comment in a related issue a --no-browser parameter was added for sso commands. Does that address the use case here? If not then perhaps this should be combined with #5061 going forward.

[github-actions]

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.